Guarding (Anti-Cheating) Techniques Viable for Open Source Games

This is a discussion on Guarding (Anti-Cheating) Techniques Viable for Open Source Games within the Game Programming forums, part of the General Programming Boards category; Yea, I don't know of any. I'm just looking for some ideas. The only thing that comes to my mind, ...

  1. #1
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    4,260

    Guarding (Anti-Cheating) Techniques Viable for Open Source Games

    Yea, I don't know of any. I'm just looking for some ideas.

    The only thing that comes to my mind, is patching libraries against offsets with some of the source for the guard mechanism itself kept private while those offset tables are local to a server.

    I figure, it would take a good hacker five minutes to get around.

    So, anyone have any ideas.

    Soma

  2. #2
    Programming Wraith GReaper's Avatar
    Join Date
    Apr 2009
    Location
    Greece
    Posts
    1,625
    You could do that, but the whole idea of open-source would be no more!

    I believe that game hacker mostly care about all the other players of that game ( their position, velocity, life or ammo left etc ).
    You could see to none of that information can be used for other than rendering the scene. Now how you'll do that, hmm...
    Devoted my life to programming...

  3. #3
    Registered User
    Join Date
    Aug 2010
    Location
    Poland
    Posts
    682
    I used to hack games so I could talk about this for a long time. The most important thing is to make as many server-side things as possible. A good example are web browser-based games, where every principle of the game is processed by the server.

    The real problem can be bots and information hacks. These ones are very useful, give big advantage to the player, and tend to be very hard to detect. They are perfect for leagues, often do not change anything in the game state. They are hard to detect, because they work on client's machine in every aspect. To detect them you need a client-side anti-cheat (like punk buster).

    One advice I can give is: do NOT write your own anti-cheat system. You will save your time using a third-party (PB, valve) or just ignore it. All you can (and should) do is smart network protocol / server-side coding.
    Last edited by kmdv; 04-10-2011 at 12:13 PM.
    I never put signature, but I decided to make an exception.

  4. #4
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    4,260
    You could do that, but the whole idea of open-source would be no more!
    That path only leads to a pointless philosophical debate.

    I believe that game hacker mostly care about all the other players of that game.
    It isn't that kind of game. Think a simplified "Dwarf Fortress" with globally persistent worlds, continuous effects, multiple players, and PvP.

    You could see to none of that information can be used for other than rendering the scene.
    ^_^

    It sounds to me like someone has been getting owned in the "Call of Duty" games.




    I used to hack games so I could talk about this for a long time.
    I still hack games when I'm done playing them the first time around.

    The most important thing is to make as many server-side things as possible.
    This is obvious.

    In any event, because source is available, "man-in-the-middle" attacks offers a high chance of a successful exploit even when using a cryptography scheme for transmission.

    A good example are web browser-based games, where every principle of the game is processed by the server.
    That's a terrible example; I exploited the crap out of "Legends of Zork" before I got banned, and even if that were acceptably true, I'm not only worried about simple fishing or "duping".

    Honestly, to me it just serves to show that games hackers don't care about as much don't get hacked as much.

    The real problem can be bots and information hacks.
    Yes. See my original post. That is one possible method for discovery and prevention of client side binary injection attacks, but it only even has a chance when the server is allowed to distribute dynamic patches without distributing the source to those patches. And even then, a good hacker with knowledge of the system shouldn't take more than a few minutes to get around it.

    One advice I can give is: do NOT write your own anti-cheat system.
    I take it that you missed the "Open Source" part. I'm fine handing off a huge chunk of open source code and allowing someone to keep certain changes private for the purposes of exploitation prevention, but using almost any third-party system prevents even that much.

    Sure, you can use certain third-party systems in a two stage setup where the principled code can be completely removed from the client code base, but that means that "out of the box" the code has no protection whatsoever, and it would also mean that I'm endorsing some particular provider by distributing such a setup.

    All that said, would you want to download open source software that burned you with what is essentially spyware? The source would be yanked out and distributed with nothing instead.

    You will save your time using a third-party (PB, valve) or just ignore it.
    Just so as you know, "PunkBuster" is broken beyond belief, and I'm not even talking about the draconian license or the invasive measures to client privacy. I can't cheat it for now, but I can get legit players banned left and right. That's not what I want for people who give my game a chance.

    The last I looked, Valve's methods were integrated into "Steam" and not all that great to begin with. I'm fine with "Steam" as a service, but coupling it to a system for only that purpose is ridiculous.

    Just in case it comes up, the system used by Blizzard is nice, and I admit, I've never worked against the version included with "World of Warcraft", but the version used with the latest version of "Diablo II" only took me a few weeks to break sufficiently for my purposes.

    In any event, some of the licenses at play would not allow me to distribute a "GPLv3" implementation even if behind a facade.




    So, yea, I'm still looking for techniques viable for open source games; if there are any.

    Soma

  5. #5
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    4,260
    Finally!

    I've been trying to edit for hours.

    Anyway, I realize that came out rude. I apologize.

    I actually said a lot more originally, but forum software and slowdown ate that huge post.

    Soma

  6. #6
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    As one of the guys who builds the nuclear weapons for the "good guys" in this escalating hack/anti-hack arms race, I can say that the black hats take a lot more pleasure in it than I do, that it's tedious, it's unrewarding, my efforts are never recognized and appreciated, and, ultimately, even though I'm working for the good guys, the stuff I create is WMD and it doesn't make me feel all warm and fuzzy doing it.

    See for instance the authoritarian technologies developed by Blizzard to attempt to control this stuff. You can understand WHY they do it, but it's still creepy as hell. Doing it in an open source context is kind of like standing in a glass room in the middle of Times Square performing surgery on babies with no anaesthetic. People will be booing you, throwing rotten vegetables and wishing for your death. It's a completely thankless task.

    Having said that, can you be more specific about what you really want?
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  7. #7
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    4,260
    Having said that, can you be more specific about what you really want?
    I've been working on this, and I still am. I'm trying to broil down what I've got, what my concerns are, and some of my ideas without throwing a crazy huge wall of text up I know that no one is going to read.

    I just haven't been sleeping well and what with everything else I just haven't gotten to it yet.

    Anyway, thanks to everyone whose come by, I'll get more information up as soon as I can.

    Soma

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Open source, easy-to-use XMPP messenger: Open-IM
    By mkruk in forum Projects and Job Recruitment
    Replies: 1
    Last Post: 06-22-2008, 04:10 PM
  2. Open Source / Semi Open source game idea. Help needed
    By CaptainPatent in forum Projects and Job Recruitment
    Replies: 10
    Last Post: 05-16-2007, 10:44 AM
  3. open source games
    By Ideswa in forum Game Programming
    Replies: 2
    Last Post: 04-01-2006, 08:48 AM
  4. Anti-Virus Source codes
    By sprax2ng in forum C Programming
    Replies: 1
    Last Post: 02-19-2005, 11:04 AM
  5. Open Source Progs/ Games
    By NewbieVB in forum C++ Programming
    Replies: 2
    Last Post: 06-04-2002, 09:21 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21